Password Cracking

We will show different tools we can use to crack hashes.

Tools


hashcat

ASREPRoast

hashcat -m 18200 hash.txt /usr/share/wordlist/rockyou.txt

Kerberoasting

hashcat -m 13100 hash.txt /usr/share/wordlist/rockyou.txt

Hashcat Rules

Below we can see a sample rules file I created during an engagement.

:
l
u
c
$1$2$3$!
$1$2$3$!
$1$2$3$?

$2$0$2$0
$2$0$2$1
$2$0$2$2
$2$0$2$3
$2$0$2$4

l$1$2$3$!
u$1$2$3$!
c$1$2$3$!
lc$1$2$3$!

We can add many other combinations, but the above should work for many machines.
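The same rules file can be turned around for a password audit or a password-change filter: the added example below (not part of the original page or of hashcat) implements only the rule functions used above (`:`, `l`, `u`, `c`, `$X`) and reports which base word and rule would regenerate a given password. The base words and test passwords are constructed sample data, and the names apply_rule and covered_by are hypothetical.

```python
# Added example (not from the original page): audit passwords against the rules above.
# Only the rule functions used on this page are implemented: ':' 'l' 'u' 'c' and '$X'.
PAGE_RULES = [
    ":", "l", "u", "c",
    "$1$2$3$!", "$1$2$3$?",
    "$2$0$2$0", "$2$0$2$1", "$2$0$2$2", "$2$0$2$3", "$2$0$2$4",
    "l$1$2$3$!", "u$1$2$3$!", "c$1$2$3$!", "lc$1$2$3$!",
]


def apply_rule(rule, word):
    """Apply one rule line to a word, left to right, as hashcat does."""
    i = 0
    while i < len(rule):
        op = rule[i]
        if op == "$":                      # $X: append the literal character X
            if i + 1 >= len(rule):
                raise ValueError("'$' needs a character to append")
            i += 1
            word += rule[i]
        elif op == "l":                    # lowercase every letter
            word = word.lower()
        elif op == "u":                    # uppercase every letter
            word = word.upper()
        elif op == "c":                    # capitalize first letter, lowercase the rest
            word = word[:1].upper() + word[1:].lower()
        elif op not in ": ":               # ':' is a no-op; spaces separate functions
            raise ValueError(f"unsupported rule function {op!r}")
        i += 1
    return word


def covered_by(password, base_words, rules=PAGE_RULES):
    """Return every (base_word, rule) pair that regenerates the password."""
    return [(w, r) for w in base_words for r in rules if apply_rule(r, w) == password]


if __name__ == "__main__":
    # Constructed sample data: base words an organisation would ban, and test passwords.
    base_words = ["summer", "contoso"]
    for pw in ["Summer123!", "contoso2024", "Summer2023", "x7#Lq-vane-Teapot"]:
        hits = covered_by(pw, base_words)
        print(f"{pw!r}: {'REJECT ' + str(hits) if hits else 'not covered by this rule set'}")
```

"Summer2023" is not covered because no rule in the file combines `c` with a year suffix, which shows how narrow a hand-written rule set is compared with the passwords users actually pick.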


john

john --wordlist=/usr/share/wordlist/rockyou.txt hash.txt

Generate Name Permutations

Imagine we have found the names of employees on the website of our target. We should generate a list with some common permutations for usernames.

We will use a tool called username-anarchy to generate our permutations.

username-anarchy -i user.txt | awk '{ if (length($0) > 7) print }'

However, I also developed my own little Python script to generate simple usernames.

#!/usr/bin/env python
# Script to generate username permutations from a list of names.
# Expects data.txt with one "First Last" name per line.

firstName = []
lastName  = []


with open('data.txt') as f:
    for line in f:
        parts = line.split()
        # Skip blank lines and lines without both a first and a last name
        if len(parts) < 2:
            continue
        firstName.append(parts[0])
        lastName.append(parts[1])


for first in firstName:
    # john
    print(first)
    for last in lastName:
        # smith
        print(last)
        
        # johnsmith
        print(first+last)
        # smithjohn
        print(last+first)

        # john.smith
        print(first+"."+last)
        # smith.john
        print(last+"."+first)

        # jsmith
        print(first[0]+last)
        # sjohn
        print(last[0]+first)

        # j.smith
        print(first[0]+"."+last)
        # s.john
        print(last[0]+"."+first)

        # john.s
        print(first+"."+last[0])
        # smith.j
        print(last+"."+first[0])

However, my script has duplicates, so we need to do a little bashfu.

python userGen.py | sort | uniq

Someday I should modify the script to request

Websites

CrackStation
